Not to be confused with FIDO U2F, which is basically what TOTP 2FA is,
just implemented differently.
FIDO U2F is materially different from TOTP 2FA.
With TOTP, there is no cryptographic validation of the requester / server. A user can be fooled into providing a TOTP code to the wrong site, or via phishing, or by an attacker simply making repeated authentication requests in the middle of the night until the user gets exasperated and provides the code.
By contrast, even the original FIDO U2F spec authenticates the 'origin' - the server being authenticated *to*. I'm glossing over the details, but in essence, the browser compares the cryptographic signature, and if it doesn't match the expected origin, it won't complete the authentication.
It is this property that virtually eliminated an entire class of phishing at Google:
TOTP does not have equivalent phishing resistance.
--
Royce